Ok, thnx, problem solved. But about the XSS attacks: what is an XSS attack, and is there a way I can let users still use some HTML tags (like <B> and <BR>)?
TIA,
Arnout

"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Arnout Boks wrote:
> > Hi,
> >
> > I'm building a login page that redirects the user to the login form when an
> > incorrect password is entered. An error message is passed as a URL
> > parameter. Something like:
> >
> > if($pwd != $correctPwd){
> >     header('Location: ' . urlencode('loginForm.php?error=Incorrect password'));
> >     exit;
> > }
>
> Don't urlencode the whole url, only the string:
>
> header('Location: loginForm.php?error=' . urlencode('Incorrect password'));
>
> You should also use full url:
>
> header('Location: http://server.net/loginForm.php?error=' .
>     urlencode('Incorrect password'));
>
> When you output the string on the login page, use htmlspecialchars to be
> safe from XSS attacks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
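
Added example, not part of the original messages: one way to follow the htmlspecialchars advice above and still allow the two tags asked about. It escapes all input first and then restores only the bare, attribute-free <b>, </b> and <br> forms; the function name render_limited_html and the sample strings are made up for illustration.

```php
<?php
// Added example (not from the thread). Assumption: the allowlist is exactly
// the two tags named in the question, <b> and <br>, with no attributes.

/**
 * Escape everything, then re-enable only exact allowlisted tags.
 *
 * strip_tags() with an allowed-tags argument is not a substitute here:
 * it keeps the attributes of the tags it lets through, so event-handler
 * attributes such as onmouseover would survive.
 */
function render_limited_html(string $input): string
{
    // Step 1: neutralise all markup. ENT_QUOTES also escapes ' and ",
    // which matters if the value ever lands inside an attribute.
    $out = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: restore only the bare forms. A tag carrying attributes
    // (e.g. <b onmouseover=...>) does not match the pattern, stays
    // escaped, and is shown to the reader as plain text.
    $out = preg_replace('#&lt;(/?)b&gt;#i', '<${1}b>', $out);
    $out = preg_replace('#&lt;br\s*/?&gt;#i', '<br>', $out);

    return $out;
}

// Constructed sample inputs: allowed markup, a script tag, an allowed tag
// with an event-handler attribute, and the plain error text from the thread.
$samples = [
    'Hello <b>world</b><br>bye',
    '<script>alert(1)</script>',
    '<b onmouseover="alert(1)">hi</b>',
    'Incorrect password',
];

foreach ($samples as $sample) {
    echo render_limited_html($sample), "\n";
}
```

Only the first sample comes out with live markup; the script tag and the attribute-carrying <b> are printed as escaped text. Unbalanced tags (an opening <b> with no closing one) can still affect layout, though not script execution.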